StrideOps.aiStrideOps.ai Documentation
DocumentationAPI Reference

Authentication

Authenticate with the StrideOps API using bearer tokens.

API tokens

All public API requests require a bearer token. Tokens are issued from Settings → API Tokens in the StrideOps dashboard. Each token is scoped to a single organization.

Bearer header (recommended)

curl https://api.strideops.ai/v1/contacts \
  -H "Authorization: Bearer sk_your_api_key"

X-API-Key header (alternate)

curl https://api.strideops.ai/v1/contacts \
  -H "X-API-Key: sk_your_api_key"

Base URL

https://api.strideops.ai/v1

Treat tokens like passwords. Don't share them in publicly accessible places: GitHub repos, client-side JavaScript, mobile app bundles, screenshots, support tickets, or analytics events.

Token rotation

You can revoke and rotate tokens at any time from the dashboard. Old tokens stop working immediately on revoke - there's no grace period - so coordinate rotations with whoever consumes the token.

Rate limits

Requests are rate-limited per token. Limits depend on your plan. When exceeded, the API returns 429 Too Many Requests with a Retry-After header indicating the number of seconds to wait.

HTTP status codes

| Status | Meaning | | ------ | ------- | | 200 | OK | | 201 | Created | | 204 | No Content (delete succeeded) | | 400 | Bad Request - malformed JSON or invalid query parameters | | 401 | Unauthorized - invalid, expired, or missing token | | 402 | Payment Required - insufficient credits or plan limit reached | | 403 | Forbidden - token lacks permission for this resource | | 404 | Not Found | | 409 | Conflict - duplicate resource (e.g. unique constraint violation) | | 422 | Validation Error - request body failed schema validation | | 429 | Too Many Requests - rate limited | | 500 | Internal Server Error | | 503 | Service Unavailable - temporary outage |

Error response shape

All non-2xx responses return JSON with this shape:

{
  "error": {
    "code": "validation_error",
    "message": "phone must be a valid E.164 number",
    "field": "phone"
  }
}

code is stable and safe to switch on. message is human-readable and may change. field is included for 400, 422, and 409 responses when the error points at a specific field.

Webhooks (signature verification)

Some products (Proposals, integrations) post webhooks back to your server. Verify the X-Stride-Signature HMAC-SHA256 header before trusting the payload. The signing secret is shown once when you create the webhook endpoint in the dashboard.

import crypto from 'node:crypto';

function verify(rawBody: string, header: string, secret: string): boolean {
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(header), Buffer.from(expected));
}

Quickstart

Make your first API call in under five minutes.

Voice Agents

Build AI agents that make and receive phone calls with natural conversation.